成长值: 59230
|
题目不是很完整,答案仅供参考5 c4 e- n6 a3 U/ M+ F# d5 S
" d G# s# o( G" l( b: x# aQuestion 01:
# S* _" J( C& F' E2 [Witch access list entry checks for an ACK within a packet header?# T0 L( u. z+ Z: i
A access-list 49 permit ip any any eq 21 tcp-ack
9 v7 q9 H- f7 tB access-list 49 permit tcp any any eq 21 tcp-ack
0 x' |4 ]& ?' i1 HC access-list 149 permit tcp any any eq 21 established
0 |2 T* e! Y7 l. Q4 SD access-list 49 permit tcp any any eq 21 established
3 C3 f( o9 ~" Q$ N5 [. ]. |Ans: C9 [- L8 q% t; E; A7 x. m2 r
———————————————————————————
, u5 R& Q8 F+ N- R- B0 dQuestion 02:
- z2 T3 d" D5 q8 z# d, B1 TWhich option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?
, {: I3 x/ M( {7 o) u9 S& VA performing packet captures
- K: G) J, @& mB disabling asr-group commands on interfaces that are likely to receive asymetric traffic+ V, T% X$ O; M
C replacing them with redundant routers and allowing load balancing
+ a, b1 P) w- _8 sD disabling stateful TCP checks
( C2 r: G" `2 r6 u/ l5 DAns: D
- ?5 b+ z Y* y( U, ^- T q9 H# t; W/ t0 \3 G: Y$ P. @, C
- o1 t, R" h9 p2 y, Y! w |
|